Microsoft must clarify the Windows 8 boot spec and how it impacts Linux

After enjoying more than a week of positive press in regards to its Windows 8 product, Microsoft has found itself in a new controversy today regarding the software, and is refusing to clarify the situation.

Matthew Garrett, a mobile Linux developer at RedHat (purveyors of a popular Linux distribution), blogged this morning that the ‘secure boot’ component of Windows 8, which Microsoft has touted as security-enhancing, might make it impossible to dual-boot Linux alongside of operating system.

The new boot procedures demand that ‘signing keys’ be installed into a computer’s firmware. Secure boot prevents executables from being run that are not signed by one of the keys. This is critical, as it could keep certain software from being installed and run on a great number of machines. In the words Mr. Garrett:

There is no centralised signing authority for these UEFI keys. If a vendor key is installed on a machine, the only way to get code signed with that key is to get the vendor to perform the signing. A machine may have several keys installed, but if you are unable to get any of them to sign your binary then it won’t be installable. […] A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.

Needless to say, that is a wholly unacceptable situation, and one that, if Microsoft is actually planning to sustain, will materially tarnish Windows 8.

But there is another element to this story that was well explored by Mary Jo Foley of ZDNet, that Microsoft is being reticent to state what is in fact the truth on the matter. In her post on the issue she expresses frustration that Microsoft is willing to let an important discussion publicly burn without taking part. All Microsoft needs to do is clarify its own product. The market is hardly asking for feature details before the company wishes to reveal them, all it is asking for is for Microsoft to comment on its publicly released data that is being discussed.

So far, no word. As it turns out, the Linux community has been worrying about the boot specification that Windows 8 uses for some time:

The fear expressed by the Linux community in June was that proprietary operating system vendors could demand an implementation of Secure UEFI where device makers do not or cannot share private keys with the buyers/users of the device. Without that, only the entities in the signature database will be able to authenticate drivers and OSes for the hardware.

This is not a small issue. If Microsoft does attempt to make it impossible for the average consumer to install and run Linux aside of Windows 8, it will lose whatever inroads that it has made with developers in the past few years. Even more, it’s restrictive and could open the company to even more anti-trust scrutiny.

Perhaps there is no issue. It could be that Microsoft has foreseen this issue and has a workaround (at worst). But we don’t know, because Microsoft won’t tell us. They will, but the company will have suffered from its reticence to not pipe up with the truth.